/terraform-provider-secrethub

Terraform provider for SecretHub

Primary LanguageGoApache License 2.0Apache-2.0

Terraform SecretHub

ProviderBETA

GoDoc CircleCI Go Report Card Version Discord

The Terraform SecretHub Provider lets you manage your secrets using Terraform.

SecretHub is a developer tool to help you keep database passwords, API tokens, and other secrets out of IT automation scripts.

Usage

provider "secrethub" {
  # pass in credential or set SECRETHUB_CREDENTIAL enviroment variable
  credential = "${file("~/.secrethub/credential")}" 
}

resource "secrethub_secret" "db_password" {
  path = "my-org/my-repo/db/password"

  generate {
    length  = 22
    use_symbols = true
  }
}

resource "secrethub_secret" "db_username" {
  path = "my-org/my-repo/db/username"
  value = "db-user"
}

resource "aws_db_instance" "default" {
  allocated_storage    = 10
  storage_type         = "gp2"
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t2.micro"
  name                 = "mydb"
  username             = "${secrethub_secret.db_username.value}"
  password             = "${secrethub_secret.db_password.value}"
  parameter_group_name = "default.mysql5.7"
}

Have a look at the reference docs for more information on the supported resources and data sources.

Get Started

Check out the step-by-step integration guide to get started.

A detailed use case is described in the beta announcement. There are also some examples in this repo.

BETA

This project is currently in beta and we'd love your feedback! Check out the issues and feel free suggest cool ideas, use cases, or improvements.

Because it's still in beta, you can expect to see some changes introduced. Pull requests are very welcome.

For support, send us a message on the #terraform channel on Discord Discord or send an email to terraform@secrethub.io

Development

Building

Get the source code:

git clone https://github.com/secrethub/terraform-provider-secrethub

Build it using:

make build

Testing

To run the acceptance tests, the following environment variables need to be set up.

  • SECRETHUB_CREDENTIAL - a SecretHub credential.
  • SECRETHUB_TF_ACC_NAMESPACE - a namespace registered on SecretHub. Make sure SECRETHUB_CREDENTIAL has admin access.
  • SECRETHUB_TF_ACC_REPOSITORY - a repository within SECRETHUB_TF_ACC_NAMESPACE to be used in the acceptance tests. Make sure SECRETHUB_CREDENTIAL has admin access.

With the environment variables properly set up, run:

make testacc